CVE-2014-0172

Priority
Medium
Description
Integer overflow in the check_section function in dwarf_begin_elf.c in the
libdw library, as used in elfutils 0.153 and possibly through 0.158, allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a malformed compressed debug section in
an ELF file, which triggers a heap-based buffer overflow.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (code not present)
Ubuntu 12.10 (Quantal Quetzal): released (0.153-1ubuntu1.1)
Ubuntu 13.10 (Saucy Salamander): released (0.157-1ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (0.158-0ubuntu5.1)
Ubuntu 14.10 (Utopic Unicorn): released (0.158-0ubuntu5.1)
Patches:
Upstream: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=7f1eec317db79627b473c5b149a22a1b20d1f68f
More Information

Updated: 2014-05-02 17:14:37 UTC (commit 8003)